maderitetech
asked on
Outlook 2007/2010 Error: The name of the security certificate is invalid or does not match the name of the site when connecting to Exchange 2010
Our environment is Windows Server 2008 R2 Standard SP1, Exchange 2010, office clients running Win7, Outlook 2007/2010.
We just purchased and installed a three year SSL UCC certificate for Exchange 2010 that replaced our old certificate. Although the install and assigning of roles went fine, clients are getting the error message in title, "The name of the security certificate..." As I understand it, the problem is that the clients are looking for server.companydomain.local which the new certificate does not support due to CAB forum changes that will take place in 2016.
I need to resolve this problem. I've searched for answers but haven't found anything similar to this situation. Please help!
We just purchased and installed a three year SSL UCC certificate for Exchange 2010 that replaced our old certificate. Although the install and assigning of roles went fine, clients are getting the error message in title, "The name of the security certificate..." As I understand it, the problem is that the clients are looking for server.companydomain.local
I need to resolve this problem. I've searched for answers but haven't found anything similar to this situation. Please help!
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
Configure your public domain on all the virtual directory and services.
Create a DNS zone of public domain for example domain.com and create a host record as mail.domain.com.
this will enable the client to look at the only host mail.domain.com not the local one.
Create a DNS zone of public domain for example domain.com and create a host record as mail.domain.com.
this will enable the client to look at the only host mail.domain.com not the local one.
ASKER
@Spartan,
Yes, I saw it, printed it, studied it, and still don't understand it. Here's my questions.
1. How do I make sure a "DNS record exists mapping the IP Address to the Exchange Client Access (CAS) server."
2. I've only used the EMS to check the amount of whitespace in the database. Please give me an example of these commands assuming the following: server name = MyS, company internal domain = ABC, public domain = abcco.com. Therefore, locally we would be MyS.ABC.local and publically our mail would be https://mail.abcco.com. That would help me to understand what I put where.
Yes, I saw it, printed it, studied it, and still don't understand it. Here's my questions.
1. How do I make sure a "DNS record exists mapping the IP Address to the Exchange Client Access (CAS) server."
2. I've only used the EMS to check the amount of whitespace in the database. Please give me an example of these commands assuming the following: server name = MyS, company internal domain = ABC, public domain = abcco.com. Therefore, locally we would be MyS.ABC.local and publically our mail would be https://mail.abcco.com. That would help me to understand what I put where.
ASKER
@R-R,
Thanks, but even the article says the solution "is likely not a Microsoft supported configuration." I just don't have enough knowledge on the subject to see that as acceptable.
Thanks, but even the article says the solution "is likely not a Microsoft supported configuration." I just don't have enough knowledge on the subject to see that as acceptable.
ASKER
I'm only grading as good because the solution, even though it was perfect, was confusing as to what needed to be changed in our situation.
For those who do not understand the solution, as I did not, I offer the following clarification.
1. How to make sure a DNS record exists mapping the IP Address to the Exchange Client Access (CAS) server. Go to your domain controller and click on Start, Administrative Tools, DNS. Expand the server name and the Forward Lookup Zones folder. Click on the name of your internal domain (for example, ourcompany.local). Look on the right side to see if there is a Host A record with just the name of the server that runs Exchange. If the name of your server is there, the DNS record exists. I suppose opening a command window and running nslookup servername accomplishes the same thing (the result will have an IP address and a fully qualified domain name).
2. When you open the Exchange Management Shell to run the three commands, replace the word HostName with the name of your Exchange server. Also replace the word yourdomain with the name of your public domain. Nothing else needs to be changed. For example, ABC Company has an Exchange server named ABCCES. Their public domain is http://www.abcco.com. Their mail is at https://mail.abcco.com. The first command in the EMS is: Set-ClientAccessServer -Identity "ABCCES" -AutodiscoverServiceIntern alUri https://mail.abcco.com/autodiscover/autodiscover.xml. The second command would be: Set-WebServicesVirtualDire ctory -Identity "ABCCES\EWS (Default Web Site)" -InternalUrl https://mail.abcco.com/ews/exchange.asmx. The third command would be: Set-OABVirtualDirectory -Identity "ABCCES\oab (Default Web Site)" -InternalUrl https://mail.abcco.com/oab.
For those who do not understand the solution, as I did not, I offer the following clarification.
1. How to make sure a DNS record exists mapping the IP Address to the Exchange Client Access (CAS) server. Go to your domain controller and click on Start, Administrative Tools, DNS. Expand the server name and the Forward Lookup Zones folder. Click on the name of your internal domain (for example, ourcompany.local). Look on the right side to see if there is a Host A record with just the name of the server that runs Exchange. If the name of your server is there, the DNS record exists. I suppose opening a command window and running nslookup servername accomplishes the same thing (the result will have an IP address and a fully qualified domain name).
2. When you open the Exchange Management Shell to run the three commands, replace the word HostName with the name of your Exchange server. Also replace the word yourdomain with the name of your public domain. Nothing else needs to be changed. For example, ABC Company has an Exchange server named ABCCES. Their public domain is http://www.abcco.com. Their mail is at https://mail.abcco.com. The first command in the EMS is: Set-ClientAccessServer -Identity "ABCCES" -AutodiscoverServiceIntern
The simplest way would be to add it as another local domain...but I am not sure how Exchange 2010 would cope with it.